
SSH Tunnelling

Tunnelling allows connections to be made to remote services through an encrypted connection. This is useful if a firewall prevents you from reaching a server from one machine, but you can reach that server from another machine to which you can connect using ssh.

ssh uses port forwarding to connect a local port to the port of the service to be tunnelled on the remote machine (which might be POP, FTP or HTTPS, for example). Once port forwarding is set up, you connect to the local port, which then forwards the connection through ssh to the remote port. That is, all requests sent to the local port are encrypted while they travel through the ssh connection and are forwarded to the remote port, and to the remote service it appears that you are actually on that remote host.

Tunnelling requires the remote host to be running an ssh server, which can be checked using telnet to connect to port 22:

  $ telnet [remote host] 22

You will either receive a message stating the version of the remote ssh server or an error message similar to:

  telnet: Unable to connect to remote host: Connection refused

The ssh syntax for port forwarding is:

  $ ssh -f [user@remote host] \
        -L [local port]:[alpine]:[remote port] [command]

A useful example is tunnelling of POP as described in Section 29.3.1. We list a number of actual examples here:

Suppose you want to access your secure HTTPS server from outside the secure network. The HTTPS server uses port 443. Suppose you have ssh access to host lynx. Establish the tunnel with:

  $ ssh -2 -n -N -f -a -C -L 5443:[https server]:443 lynx sleep 1000d

Then you can access this firewall-protected HTTPS server locally through https://localhost:5443/.

Here's an example using POP:

  $ ssh -2 -n -N -f -a -L 5143:mail-bt:143 lynx sleep 1000d

Then you can access the POP server through port 5143 on your local machine.
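The two steps above (checking that port 22 really answers as an ssh server, then building the `-L` forward) can be scripted. This is an added example, not part of the original guide; the function names are hypothetical, and the host names `lynx` and `mail-bt` are reused from the POP example. It assumes OpenSSH, and `probe_ssh` additionally assumes `bash` and `timeout` are installed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original guide.

# Classify the first line read from port 22. An ssh server sends an
# identification string "SSH-protoversion-softwareversion" (RFC 4253).
classify_banner() {
  cr=$(printf '\r')
  case "${1%"$cr"}" in
    SSH-2.0-*|SSH-1.99-*) echo ssh2 ;;    # 1.99: protocol 2 with protocol 1 compatibility
    SSH-1.*)              echo ssh1 ;;    # protocol 1 only: obsolete, do not tunnel over it
    *)                    echo not-ssh ;; # some other service answered on that port
  esac
}

# Read the banner without telnet (uses bash's /dev/tcp; gives up after 5 seconds).
probe_ssh() {
  banner=$(timeout 5 bash -c \
    'exec 3<>"/dev/tcp/$0/$1" && IFS= read -r l <&3 && printf %s "$l"' \
    "$1" "${2:-22}" 2>/dev/null) || { echo unreachable; return 1; }
  classify_banner "$banner"
}

# Print the ssh command for a local forward that listens on loopback only.
# Usage: tunnel_cmd LOCAL_PORT DEST_HOST DEST_PORT SSH_HOST
tunnel_cmd() {
  for p in "$1" "$3"; do
    case "$p" in ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 2 ;; esac
    [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 2; }
  done
  # Reject empty names, odd characters, and a leading "-" that ssh would parse as an option.
  for h in "$2" "$4"; do
    case "$h" in ''|-*|*[!A-Za-z0-9._@-]*) echo "bad host: $h" >&2; return 2 ;; esac
  done
  # 127.0.0.1: keeps other machines on the network from using the tunnel.
  # ExitOnForwardFailure: fail instead of backgrounding an ssh that forwards nothing.
  echo "ssh -N -f -o ExitOnForwardFailure=yes -L 127.0.0.1:$1:$2:$3 $4"
}

# The POP example from the guide, with the listener pinned to loopback.
tunnel_cmd 5143 mail-bt 143 lynx
```

Run `probe_ssh lynx` first; only start the tunnel when it prints `ssh2`.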

Copyright © 1995-2006 [email protected]

  Published under the terms of the GNU General Public License